Since the end of 2017, the Law “About Informatization” has been supplemented by Article 7-2: “The provision of services related to the provision of information necessary to ensure the information security objects of IKI ... is carried out within the framework of the activity of the Information Security Operations Center”. The activity of the Information Security Operations Center is carried out on the basis of a license for the provision of services to identify technical channels of information leakage. To obtain a license, we must fulfill the qualification requirements and pass the exam.
Given that providing pentest services without a license will now be a violation of the law, we had to file an application to obtain this permit. After six months of correspondence and several failed attempts to prove our compliance with the requirements, we still managed to get the long-awaited license.
One of the requirements for the applicant is the presence of several OSCP- and OSWP-certified specialists. There are only six such specialists in Kazakhstan, four of whom are on the TSARKA team. We hope that in the near future there will be many more of these specialists, but for now we have to work with the existing talent pool of white-hat hackers.
In our practice, we have repeatedly identified vulnerabilities in security systems that had already been checked by “experts” and had positive reports the day before. Now the service provider will be forced to meet the minimum requirements of the regulator, and customers, in turn, will be confident in the qualifications of the service provider.